CVE-2025-58369

EPSS 0.09%
Veröffentlicht 05.09.2025 21:59:58
Zuletzt bearbeitet 07.11.2025 12:15:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS session, if one side of the connection shuts down `write` while the peer side is awaiting more data to progress the TLS handshake, the peer side will spin loop on the socket read, fully utilizing a CPU. The CPU is consumed until the overall connection is closed, potentially shutting down a fs2-io powered server. This issue is fixed in versions  2.5.13, 3.12.1, and 3.13.0-M7.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellertypelevel

≫

Produkt fs2

Version >= 3.0.0-M1, < 3.12.2

Status affected

Version >= 3.13.0-M1, < 3.13.0-M7

Status affected

Version < 2.5.13

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.255

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/typelevel/fs2/security/advisories/GHSA-rrw2-px9j-qffj

https://github.com/typelevel/fs2/issues/3590

https://github.com/typelevel/fs2/commit/46e2dc3abf994dcf3d0b804b2ddb3c10c04d4976

https://github.com/typelevel/fs2/commit/5c6c4c6c1ef330f7e6b53661ecc63d5f5ba8885c

https://github.com/typelevel/fs2/releases/tag/v3.12.2

https://github.com/typelevel/fs2/releases/tag/v3.13.0-M7

https://github.com/typelevel/fs2/commit/edf0c4f2e660360d1c1a8c5377ce32294de89238

https://nvd.nist.gov/vuln/detail/CVE-2025-58369

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-58369

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-58369

EUVD